In essence, it will require apps to get explicit permission from users to take data from them, such as their name and email address. It also requires app developers to explain to users how their data will be used or shared with other companies. Most controversially, the act proposes that consumers should be able to delete their data at any time. Advertisers, of course, want that data to be as timeline-deep as possible.

Many app developers already ask for various permissions from users. But the effort is voluntary, inconsistent across apps, and not uniformly applied.

Advertisers have most to lose from the act: App development is funded in large part by the ads that run on apps that are downloaded. Anything that restricts that free-flowing environment is likely to be opposed by advertisers. The NetChoice e-commerce group, for instance, has been working in voluntary guidelines of its own and is hoping to persuade Congress to allow app developers and mobile advertisers to regulate themselves based on their proposals, rather than enact new law.

The act proposes to regulate:

(A) The categories of personal data that will be collected.

(B) The categories of purposes for which the personal data will be used.

(C) The categories of third parties with which the personal data will be shared.

(D) A data retention policy that governs the length for which the personal data will be stored and the terms and conditions applicable to storage, including a description of the rights of the user under subsection (b) and the process by which the user may exercise such rights.